digital publishing

Which is the best, (and easiest) way to upload a digital publication (newsletter) with restricted access, so that only those authorized can read it only online
And how to prevent downloading it.
Is there some script, programm or app for this?

"Only online" is an illusion; it's never going to happen unless you can restrict the readers to using only designated and secured machines (with no available ports or removable media drives), in a secured location (and taking away their phones, cameras, etc.). Yes, it is a common request/spec (particularly in the corporate development world), but it just ain't gonna happen nohow. The best you can do is make it difficult.

The publication itself can be stored as HTML in a directory that is not accessible to web users (that is, it's not within the public_html directory) and is included programmatically by a scripted page, such that only logged-in users can see the page. (You can also check a database to see whether or not a subscription is active or a particular publication has been paid for.) Do note that images would have to be web-accessible unless they are stored in the document as base64-encoded data URIs. Or you can store it as a BLOB (binary large object) in a database if you want to use a PDF or another e-publication format (ePub, Mobi, etc.). You can sort of hybridize the approaches if you wish to include a DRM key of some sort (writing the pub file per user request if you decide to allow download).

As for "preventing" downloads, you can try disabling the context menu (right click), but that's so easily gotten around that it's rarely worthwhile trying. The best you can hope for is to prevent people who aren't very familiar with their browsers from downloading, and maybe discouraging a handful of people who do know what to do, but hadn't noticed the prominent "don't download" notice you've put on the site. I've even seen people go so far as to use a monospaced font and putting every third word on a different layer to prevent copy/paste. That just makes people angry, resentful, and more likely to scrape your site completely, distributing it on multiple channels. There's usually a reason why people want access to the information, and if you get too cute with the when, where and how aspects, they'll find the information and the relationship with you a whole lot loss less worth protecting (or valuable at all). Starting off with a declaration that basically says to the user "I'm going to assume that you're a thief and can't keep a secret" isn't going to end well.